9 лет назад · 830326178b
--- a/etc/certs/make_certs
+++ b/etc/certs/make_certs
@@ -1,24 +0,0 @@
 
				-#!/bin/sh
			
 
				-
			
 
				-rm -rf temp
			
 
				-
			
 
				-mkdir temp
			
 
				-
			
 
				-echo 01 > temp/serial
			
 
				-touch temp/index.txt
			
 
				-
			
 
				-## create ca certificate
			
 
				-openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365  -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
			
 
				-openssl x509 -in cacert.pem -out temp/cacert.cer -outform DER
			
 
				-
			
 
				-## create server certificate
			
 
				-openssl genrsa -out server-key.pem 2048
			
 
				-openssl req -new -key server-key.pem -out temp/server-req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
			
 
				-openssl ca -config openssl.cnf -in temp/server-req.pem -out server-cert.pem -notext -batch -extensions server_ca_extensions
			
 
				-
			
 
				-## create client certificate
			
 
				-openssl genrsa -out client-key.pem 2048
			
 
				-openssl req -new -key client-key.pem -out temp/client-req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
			
 
				-openssl ca -config openssl.cnf -in temp/client-req.pem -out client-cert.pem -notext -batch -extensions client_ca_extensions
			
 
				-
			
 
				-rm -rf temp
			
--- a/etc/certs/openssl.cnf
+++ b/etc/certs/openssl.cnf
@@ -1,54 +0,0 @@
 
				-[ ca ]
			
 
				-default_ca = testca
			
 
				-
			
 
				-[ testca ]
			
 
				-dir = .
			
 
				-certificate = $dir/cacert.pem
			
 
				-database = $dir/temp/index.txt
			
 
				-new_certs_dir = $dir/temp
			
 
				-private_key = $dir/temp/cakey.pem
			
 
				-serial = $dir/temp/serial
			
 
				-
			
 
				-default_crl_days = 7
			
 
				-default_days = 365
			
 
				-default_md = sha256
			
 
				-
			
 
				-policy = testca_policy
			
 
				-x509_extensions = certificate_extensions
			
 
				-
			
 
				-[ testca_policy ]
			
 
				-commonName = supplied
			
 
				-stateOrProvinceName = optional
			
 
				-countryName = optional
			
 
				-emailAddress = optional
			
 
				-organizationName = optional
			
 
				-organizationalUnitName = optional
			
 
				-domainComponent = optional
			
 
				-
			
 
				-[ certificate_extensions ]
			
 
				-basicConstraints = CA:false
			
 
				-
			
 
				-[ req ]
			
 
				-default_bits = 2048
			
 
				-default_keyfile = ./temp/cakey.pem
			
 
				-default_md = sha256
			
 
				-prompt = yes
			
 
				-distinguished_name = root_ca_distinguished_name
			
 
				-x509_extensions = root_ca_extensions
			
 
				-
			
 
				-[ root_ca_distinguished_name ]
			
 
				-commonName = hostname
			
 
				-
			
 
				-[ root_ca_extensions ]
			
 
				-basicConstraints = CA:true
			
 
				-keyUsage = keyCertSign, cRLSign
			
 
				-
			
 
				-[ client_ca_extensions ]
			
 
				-basicConstraints = CA:false
			
 
				-keyUsage = digitalSignature
			
 
				-extendedKeyUsage = 1.3.6.1.5.5.7.3.2
			
 
				-
			
 
				-[ server_ca_extensions ]
			
 
				-basicConstraints = CA:false
			
 
				-keyUsage = keyEncipherment
			
 
				-extendedKeyUsage = 1.3.6.1.5.5.7.3.1